Route traffic from WIndows to Linux(Kali) - linux

I'm currently trying to route my internet traffic from my Windows laptop(192.168.1.73) to my other laptop running Kali Linux(192.168.1.64), both on the same network. The idea is the Linux laptop would anonymise the traffic sent, possibly hiding my IP in some way. I'm stuck on how to exactly go about this. I've tried using OpenVPN but to no avail.

192.168.1.x is not public IP subnet. So both your computers are in local net. And so one or both have yet default gateway address for access to Internet and another networks. If you want route Internet traffic through the Windows Laptop to Linux computer you have to setup the Windows IP address like default gateway for Linux computer.
Then on Windows you can used two options for access to Internet for Linux:
1. enabled routing functions use Windows like just router
2. used third party software (like Wingate etc) use Windows like NAT proxy
In the first option the Linux IP address will be view at ISP devices
In the second option the Linux IP address will be change on Windows IP adress
The first is very simple for management. The second is harder.
But I don't understood why it all. If you wanna more security in Internet network you can use https://www.whonix.org/wiki/Download and get maximum security level.

I'd honestly trash this idea and use Tor browser instead, you will be 100% anonymous if you follow the guidelines on their website.
The Tor project:
https://www.torproject.org/
Tips on staying anonymous:
https://www.torproject.org/about/overview.html.en#stayinganonymous
Well and if you seriously want to route the traffic to your Kali machine, use some built-in MITM tools (eg. Arpspoof), but be aware, that this will NOT make you anonymous to the outside (Internet).
Here is how you set-up the MITM, but without the intercepting of traffic:
First, we need to forward all the trafic that the Kali machine recieves to the internet
sysctl -w net.ipv4.ip_forward=1
Then you need to send the forged ARP replies
arpspoof -i [Network Interface Name] -t [Windows IP] [Router IP]
So it should look something like this, you can find the router ip by running the command ifconfig (look for "default gateway")
arpspoof -i wlan0 -t 192.168.1.73 192.168.1.1
Then it should be up and running, tunneling you through the Kali machine.

Related

How to connect to an integrated VM without using SSH tunelling

I want to connect to a locked (cannot be modified and I do not have permissions to log into) windows vm which is hosted in a linux machine. Until now these two machines were communicating via port 2277. However for security reasons, the port 2277 is only accessible via localhost (127.0.0.1).
The original proposed solution was to use ssh-tunneling. However since the hosted windows vm will always stay with the linux machine, so I was thinking something simpler.
This Windows virtual machine has ip 192.168.0.1 and the default gateway is 192.168.0.2. The later is the ip address that my linux machine can see.
After searching the internet I tried
socat TCP4:192.168.0.1:2277,reuseaddr,fork TCP4:127.0.0.1:2277
as well as some other random combinations without success.
My understanding is that this failed because for socat to work both sockets must be open.
However the first one is not open by default (checked with ss -ltn) as I need to run the windows service first (which it cannot run as it cannot communicate with iphost:2277)
Any ideas on how to proceed?
Socat provides the retry=N and forever options to handle situations like this. Thus, try something like this:
socat -d -d TCP4:192.168.0.1:2277,reuseaddr,fork,forever TCP4:127.0.0.1:2277
With the interval=<seconds> option you can specify how long Socat waits after each failed attempt.
It turns out that the command that I wanted was the following
socat tcp-listen:2277,bind=192.168.0.1,fork,reuseaddr tcp:127.0.0.1:2277
The retry=N and forever options could be also useful.

Port Forwarding An Linux IP In Virtualbox ISSUES

Here's The Scoop,
I used SET (Social Engineering Toolkit) and made duplicite of a login page, the ip that was used was 10.0.2.15 (Mind you this is on a virtual machine Virtualbox), and when I tried to view it on another computer, it says the server is not responding.I tried to port forward but it was giveing me issues.
is there anything I can do to port forward or do something like that to make the web page connected to the IP viewable on the World Wide Web of another computer.
In other words, the IP's page is only viewable on the same computer who's ip I used to host, can you make it viewable on any computers browser by port forwarding it or something that will work like that.
Use bridging networking for the guest machine. Then, that IP address should be accessible on your network if there are no firewalls enabled.
There are several issues with directly accessing this IP from a separate computer.
First, the forwarding: the computer with the VirtualMachine must accept ip forwarding. This is easy to enable:
https://wiki.archlinux.org/index.php/Internet_sharing
Second, the routing: other computers must know who to ask when looking for 10.0.2.15. This is the hardest part. You could try adding a special route rule on the other computer, to set the host as a gateway for 10.0.2.15, but it requires you to make this on every machine that wishes to access the VM.
As Ahmed said, the easiest way is probably to use a network bridge, where the virtual machine will act as any other computer on the network, with a visible IP.

Connecting to Raspberry Pi on Remote Network (XFinity Router)

I have set up a Raspberry Pi in my home office with a Linux OS and have installed Apache (PHP/MySQL). Everything is working and I've been able to successfully connect via SSH from my computer while connected to the same network in my home.
I've seen many similar questions on here but none that can outline what I'm trying to do. I have an XFinity Router and can access it's settings using IP 10.0.0.1 locally. I've read into Port Forwarding which I've set up for the Raspberry Pi but now I'm stuck on the next step in the settings to get it set up so I can connect to it remotely (from a network outside my home's). I'm hoping to use this to host web-based PHP scripts that we can run from any web browsers as well as be able to SSH in from any internet connection.
I'm sorry if this is similar to other questions here but the XFinity interface seems to trouble me and it's not making it easy for me to wrap my head around Port Forwarding and what goes into setting this up correctly.
Thanks for your help!
You need to do three things:
Make sure your Raspberry Pi gets the same IP address on your LAN every time. This can be done by configuring your router for DHCP reservation by using the Pi's MAC (ethernet hardware address), if it supports it. To get the Pi's MAC, You can type ipconfig eth0, or you can use Advanced IP Scanner for Windows, or my own Pi Finder for Mac. (Alternatively, you can set your Pi to use a static IP address.)
Forward port 22 (SSH) in your router to the internal IP address you chose. (If your router supports forwarding a different external address to internal port 22, I recommend doing that for extra security.)
Get a consistent external IP address or name, so you can find your home network on the outside. If you don't have a static IP address from your ISP, then you will need a Dynamic DNS service, such as those offered from Dyn.com, no-ip.com, and Namecheap. You'll need to configure your router to update the service, and not all routers support all Dynamic DNS services (or any). (Alternatively, you can install a Dynamic DNS updater client on your Raspberry Pi or other computer on your home network, but that may or may not be easy.)
I can't advise specifics as to how to configure your particular router, but these three steps are what are generally required to do what you want, and the rest is figuring out the specifics of how your router wants it.

Remote ssh with no router configuration

I will be sending a linux machine to a non technical customer overseas. After the customer has connected the machine to his LAN , which is also connected to the Internet, I want to be able to ssh into this machine without requiring the customer to do any router configuration (no port forwarding for instance).
The linux machine is connected to the internet through a router. It does not have a public ip address.
Is this possible using ssh configuration only?
If not then what is the simplest way to achieve this?
I used to work in a place where we had a setup that allowed for this, but unfortunately I can't remember the details - here is are the basics of the setup though.
The customers machine would connect using SSH to a machine with a known hostname using the -R option to ssh to setup a reverse port forward. We could then connect to the known machine and use the forwarded port to get to port 22 on the customers machine.
Sorry I can't remember more, but it worked absolutely perfect :)
If that linux system is directly connected with modem then it must have public ip address so you will able to access that linux system from anywhere . but make sure the remote system has static public ip address otherwise you need to do dynamic dns.

Local DNS in a standard DHCP LAN

Our customers are typical broadband home users, with a DSL Modem/Router which offers DHCP.
We want our device which is connected to the home LAN and has an embedded HTTP Server to be addressable with a domain name (www.mydevice.ip or something). In particular, we want to avoid that the user has to get the IP address and type it into the address bar of his browser.
What solutions are available?
Has the typical DHCP Modem a DNS included - how do you use it?
Could other services offer help (eg. Bonjour)?
You can use mDNS/DNS-SD using "avahi" daemon -- this should work on mac + linux hosts, and maybe for windows.
For Windows, you can set up SAMBA to get WINS name resolution.
A "typical DHCP Modem" is no standard so there is no default answer.
What you want, is that the modem works as a DNS cache (which is pretty much the default) and additionally add your own, static DNS entries that point to the IP of the entry.
How you achieve that depends on the router...

Resources